Now, there's more bad news. Another consumer credit reporting agency, Experian, has a major security problem of its own.

How cybercriminals can easily steal your critical data

One of the first security steps to take following the Equifax breach is to place a freeze on all of your credit reports. Freezing your credit means that creditors can't access any of your credit files unless the freeze is lifted, stopping criminals from opening new accounts under your name. Click here to learn how to set it up.

What's happening now is, Experian is making it too easy for criminals to unlock your credit accounts. When you set up a credit freeze with Experian, you need to select a PIN code. The PIN allows you to lift the credit freeze whenever you want.

Unfortunately, Experian has implemented a PIN recovery system that cybercriminals can easily bypass. If you have a security freeze on your credit report and have forgotten or misplaced your PIN, you simply need to fill out an online form on its site to recover it.

The problem is, criminals who have your stolen data from the Equifax breach, or any other breach for that matter, can also recover your PIN. That's because they simply need to enter the stolen information, along with any email address of their own, to have the PIN sent to that email address. After answering a few security questions, which can most likely be found on the Dark Web, the criminal has your PIN and can unfreeze your credit.

Here is what the Experian PIN recovery form looks like:

Image: Experian's PIN recovery form. (Source: Experian)

Experian really needs to close this loophole so criminals can't steal victims' PIN codes. A better system would be to have the PIN sent to the victims' home through snail mail.

It's still a good idea to set up a credit freeze following the Equifax debacle. You just need to stay vigilant and keep an eye on your credit reports and bank accounts to watch for suspicious activity.

"Experian is aware of media reports concerning the authentication processes we use in the consumer credit freeze PIN retrieval process. These reports portrayed those processes in an incomplete way. To be clear, our authentication processes go beyond requiring users to provide personally-identifiable information (PII) and answering a variety of knowledge-based authentication (KBA) questions. While we do not disclose those additional processes for obvious security reasons, they include a broad array of checks that are not visible to the consumer. Experian regularly reviews its security practices and adjusts as needed. We continue to see the effectiveness of KBA as part of a layered authentication approach."